While not exactly available on the shelves of the local big-box wholesale store
aspiring computer criminals can now buy custom built trojan code online. Quoting
the article from the Panda website:
02/24/06.- PandaLabs uncovers a complex malware creation system designed to spy and steal personal data.
After Panda ActiveScan detected a malicious code designed to spy on infected computers and capture data, a complex espionage system has been uncovered. This system sells made-to-measure Trojans to hackers for US $990.
The article continues and points out the specifics of the malicious program:
PandaLabs has detected a new Trojan called Trj/Briz.A, whose main aim is to steal personal user data from affected computers. This code stands out because it specializes in stealing bank details and data from web forms and that its author customizes the code for hackers.
Of course it’s a basic axiom of business that it’s essential to manage your assets
carefully. This developer knows their marketing as the Panda article adds:
Apart from the code, cyber-crooks that buy this crimeware also get a complex system for controlling the status of the infection caused by the custom Trojan. This allows the client to get a list containing a large quantity of data about the infected computers: IP addresses, passwords and even the physical location of the computers. In this way, the cyber-crooks can always have their malicious activity under control.
Trend watchers of malware development have been aware that for about the past
two years there’s been a movement away from the traditional “hacking for fun
and fame” to a business model of electronic crime for profit. The Panda article
makes note of this point:
Luis Corrons, director of PandaLabs, explains that “as authors of Internet threats have changed their objective, which is now financial gain, they have also changed the way they design their threats. Therefore, they try to ensure that their creations go unnoticed, to both users and security companies, for as long as possible.”
Kaspersky labs, a leading name in antivirus research and software, discusses
this trend in their white paper, The Cybercrime Ecosystem.
Where as previously the development of such high caliber malicious software took significant programming skill and experience it’s now available as an “off the shelf” item.
The cost and other barriers to entry to becoming a cyber criminal have just been lowered. As such it seems likely that the sophistication level and sheer number of threats will continue to rise.
I wonder if they take PayPal?